curl-tracker Archives

[curl:bugs] Re: #1349 Expect: 100-continue sent with no body violates RFC.

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Fri, 04 Apr 2014 12:35:00 +0000

I agree that "Content-Length: 0" together with "Expect: 100-continue" is plain nonsense and that's the main bug I take from this bug report.

"Content-Length: 0" in a request without the Expect: header is perfectly fine. It is a signal that there's 0 bytes sent in a request, which for PUT or POST is not the norm. If you want to persue to somehow limit the use of that, I suggest we do that as a separate bug report to not confuse matters too much here.

---
** [bugs:#1349] Expect: 100-continue sent with no body violates RFC.**
**Status:** open
**Created:** Tue Mar 25, 2014 12:40 AM UTC by JimS
**Last Updated:** Wed Apr 02, 2014 12:00 AM UTC
**Owner:** Daniel Stenberg
When doing a POST of a zero length file, or any file when using digest authentication curl will issue an "Expect: 100-continue" header as well as a "Content-Length: 0". This violates RFC-2616 and earns a 400 error code from servers written in Go 1.2.
Section 8.2.3 includes:
> A client MUST NOT send an Expect request-header field (Expect) with the "100-continue" expectation if it does not intend to send a request body.
Once the problem is understood, using "-H Expect:" suppresses the header and allows the command to function normally.
If a Content-Length: 0 for a zero length POST constitutes not sending a body is debatable. Omitting the body when digest authentication probes to get a nonce is clearly against the RFC.
Maximum compatibility would be achieved by omitting the "Expect" header in both of these cases, the queries would save a turnaround, and there is no performance downside, since the bodies are empty anyway. There is probably an applicable code path, since doing a POST of /dev/null does not send the Expect header.
~~~~~
$ curl --version
curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
~~~~~
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2014-04-04

This message: [ Message body ]
Next message: Daniel Stenberg: "[curl:bugs] #1349 "Expect: 100-continue" used when "Content-Length:0" in PUT request"
Previous message: Daniel Stenberg: "[curl:bugs] #1352 WinSSL times out when uploading and timeout option is set to 0"
In reply to: JimS: "[curl:bugs] Re: #1349 Expect: 100-continue sent with no body violates RFC."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.